(54) Pre-boot security controller

(57) A pre-boot security controller in an electronic
device is energized even though a power subsystem
does not energize operation of a digital computer in the
device. The security controller stores supervisor and
user passwords in a nonvolatile password memory for
comparison with a password entered using a security
keypad. Upon entry of a matching password, the
security controller enables the power subsystem to
energize operation of the digital computer, and the
security controller transitions from a security to an
application operating mode. In the application operating
mode, the pre-boot security controller preserves data
about pressings of the security keypad. A computer
program executed by the digital computer may respond
to recorded keypad pressing by initiating execution of a
specific application computer program that a user
associates with a specific key on the security keypad.
Description

CLAIM OF PROVISIONAL APPLICATION RIGHTS 

[0001] This application claims the benefit of United
States Provisional Patent Application No. 60/107,995,
filed November 11, 1998, and No. 60/121,643, filed
February 24, 1999.

BACKGROUND OF THE INVENTION 

Field of the Invention 

[0002] The present invention relates generally to
security protection for computers and other
microprocessor controlled devices. More specifically,
the invention relates to a method and apparatus for
preventing the unauthorized use of such devices.

Description of the Prior Art 

[0003] Numerous security systems and approaches 
have been developed for computers, computer systems 
and applications employing personal computers. Some 
of these security techniques seek to render the personal 
computer immobile by physically attaching it to some 
larger and heavier object. Other security techniques at- 
tempt to prevent unauthorized use of a personal com- 
puter and/or limit or prevent access to particular infor- 
mation stored on the computer. 
[0004] Conventional approaches for preventing unau- 
thorized use of personal computers and/or for limiting 
access to particular information stored on the computer 
include passwords, encryption, digital signatures, ac- 
cess control lists, and the like. These techniques may 
be employed at varying levels of access to the personal 
computer. For example, during the boot process the op- 
erating system may ask the user to enter a password. 
Or, a particular application program may ask a user for 
a password before allowing the user to execute the pro- 
gram. Likewise, access control lists may be used to limit 
a user's access to specified programs or to data at var- 
ious levels of operation within a particular program. 
Specified users may have read and write privileges, 
while other users may be restricted to read only privileg- 
es. 

[0005] However, all conventional approaches to com- 
puter security, other than rendering the personal com- 
puter immobile, become active only after the personal 
computer is energized and executing a computer pro- 
gram. However, mobility is an essential characteristic of 
portable, laptop or notebook personal computers, as 
well as other similar portable electronic devices that em- 
ploy integrated circuit ("IC") digital computers. Because 
all such information processing appliances are inherent- 
ly mobile and because they are comparatively valuable, 
their theft has become a significant problem. Once such
a device has been stolen, even if the information stored
within the device remains protected by one or more of
the techniques identified above, new software may be
installed in the device thereby restoring its commercial
value to a new "purchaser."
[0006] If such a mobile information processing
appliance were to become completely inoperable after
being stolen, analogous to the inoperability of
automobile radios after being removed from their
original vehicle, the economic motive for stealing
information processing appliances would disappear. Not
only would inoperability of information processing
appliances reduce the economic motive for stealing
mobile information processing appliances, it would
further increase the security of information stored in
such appliances.


BRIEF SUMMARY OF THE INVENTION 

[0007] An object of the present invention is to disable
an information processing appliance, such as a portable,
laptop or notebook personal computer, so it becomes
inoperable until unlocked by its authorized user.
[0008] Another object of the present invention is to
discourage theft of information processing appliances
such as portable, laptop or notebook personal
computers.

[0009] Another object of the present invention is to
enhance security for information processing appliances
including portable, laptop or notebook personal
computers.

[0010] Another object of the present invention is to
facilitate use of information processing appliances
including portable, laptop or notebook personal
computers.
[0011] Briefly, an electronic device in accordance with
the present invention includes both a digital computer
and a power subsystem for energizing operation of the
digital computer. Also included in the electronic device
is a pre-boot security controller that receives electrical
power even though the power subsystem is not
energizing operation of the digital computer. Moreover,
the pre-boot security controller is coupled to the power
subsystem for enabling the power subsystem to energize
operation of the digital computer only after the pre-boot
security controller receives a pre-recorded user
password.

[0012] The pre-boot security controller is preferably
an IC which includes a nonvolatile password memory
that stores at least one user password. The pre-boot
security controller also includes a password input circuit
for receiving a password that is to be compared with any
user passwords recorded in the password memory. If
the pre-boot security controller is in a security operating
mode, a digital logic circuit included in the pre-boot
security controller compares the password received by
the password input circuit with any user passwords
recorded in the password memory. If the password
received by the password input circuit matches a user
password recorded in the password memory, an output
circuit included in the pre-boot security controller, which
is coupled to the digital logic circuit, transmits an output
signal to the power subsystem that enables the power
subsystem to energize the digital computer's operation.
[0013] In a preferred embodiment of the pre-boot se- 
curity controller, the password input circuit is a keypad 
interface, and the electronic device includes a security 
keypad that is coupled to the keypad interface. In this 
preferred embodiment, a user of the electronic device 
enters a password using the security keypad that is 
compared with the user passwords recorded in the 
password memory. If the password input circuit of the 
pre-boot security controller receives a password which 
matches a user password recorded in the password 
memory, the pre-boot security controller transitions from 
the security operating mode to an application operating
mode which energizes the digital computer's operation. 
When in the application operating mode the pre-boot se- 
curity controller preserves data about pressings of the 
security keypad rather than comparing such pressing 
with passwords recorded in the password memory. It is 
envisioned that a computer program executed by the 
digital computer may be advantageously enabled to re- 
spond to recorded keypad pressing by initiating execu- 
tion of a specific application computer program that a 
user has previously associated with a specific key. 
[0014] This preferred embodiment of the pre-boot
security controller also includes a System Management
Bus ("SMBus") interface that exchanges data with a 
SMB host included in the electronic device. A computer 
program executed by the digital computer included in 
the electronic device may exchange data with the pre- 
boot security controller via its SMBus interface. Data ex- 
changed between the computer program and the pre- 
boot security controller may program its security fea- 
tures, or may permit the computer program to ascertain 
which key of the security keypad has been pressed 
when the pre-boot security controller is in its application 
operating mode. 

[0015] These and other features, objects and advan- 
tages will be understood or apparent to those of ordinary 
skill in the art from the following detailed description of 
the preferred embodiment as illustrated in the various 
drawing figures. 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0016] 

FIG. 1 is a block diagram illustrating a portion of an 
electronic device in accordance with the present in- 
vention that includes a digital computer, a power 
subsystem and a pre-boot security controller in ac- 
cordance with the present invention; and 
FIG. 2 is a block diagram illustrating in greater detail 
the pre-boot security controller of the present inven- 
tion that is depicted in FIG. 1. 
DETAILED DESCRIPTION

[0017] FIG. 1 depicts a portion of an electronic device
such as a portable, laptop or notebook personal
computer, referred to by the general reference character
20, that includes an IC digital computer 22. During
normal operation of the electronic device 20, a power
subsystem 24 supplies electrical power that energizes
operation of the digital computer 22 together with other
portions of the electronic device 20 not illustrated in
FIG. 1. The power subsystem 24 receives electrical
power from an electrical power source such as an AC/DC
adapter or batteries via an input-power line 26 for
conversion to and regulation of voltages suitable for
energizing operation of the digital computer 22. In the
illustration of FIG. 1, the power subsystem 24 includes a
DC/DC converter 32 that supplies converted and
regulated main operating mode power and suspend
operating mode power to the digital computer 22, and to
other portions of the electronic device 20 not illustrated
in FIG. 1, respectively via output-power lines 34a and
34b. A signal present on a system-power-switch line 36
enables or disables the DC/DC converter 32 for
energizing operation of the entire electronic device 20.

[0018] In accordance with the present invention, the 
electronic device 20 also includes an IC pre-boot secu- 
rity controller 42 that receives VCC electrical power from 
the DC/DC converter 32 via a VCC power line 44. The
DC/DC converter 32 supplies VCC electrical power to 
the pre-boot security controller 42 continuously when- 
ever the DC/DC converter 32 receives electrical power 
via the input-power line 26 and the signal present on the 
system-power-switch line 36 enables DC/DC converter 
32 for energizing operation of the entire electronic de- 
vice 20. Referring now to FIG. 2, the pre-boot security 
controller 42 includes a clock control 48 that supplies a 
CLK signal to a digital logic state machine 52. Operation 
of the state machine 52 may place the pre-boot security 
controller 42 into any one of three different operating 
modes. 

[0019] When the DC/DC converter 32 first supplies 
VCC electrical power to the pre-boot security controller 
42, a signal supplied to the pre-boot security controller 
42 via a RST# signal-line 54 is negated and a password 
has been previously recorded into a 512 byte nonvola- 
tile, electronically rewritable flash memory 56, the pre- 
boot security controller 42 enters a security operating 
mode. When the pre-boot security controller 42 is in the 
security operating mode, an output control 62, included 
in the pre-boot security controller 42, transmits signals 
to the DC/DC converter 32 via a OUT_PWR# signal-line 
64 and an OUT_SUS# signal-line 66 that inhibit the DC/ 
DC converter 32 from energizing operation of the digital 
computer 22, and other portions of the electronic device 
20 not illustrated in FIG. 1. Thus, while the signals 
present on the OUT_PWR# signal-line 64 and 
OUT_SUS# signal-line 66 are asserted, the electronic 
device 20, except for the pre-boot security controller 42, 
the clock control 48 and a portion of the DC/DC converter
32, is inoperable. Moreover, to apprise a user of the
electronic device 20 that the pre-boot security controller 
42 is in the security operating mode, the output control 
62 transmits a signal on a LED signal-line 68 which illu- 
minates a LED included in a status output subsystem 
72 illustrated in FIG. 1. 

[0020] The pre-boot security controller 42 also in- 
cludes a password input circuit 82 which is a keypad 
input circuit in the preferred embodiment illustrated in 
FIG. 2. As better illustrated in FIG. 1, a keypad bus 84 
couples the password input circuit 82 to a 4-button se- 
curity keypad 86. The preferred password input circuit 
82 permits the security keypad 86 to operate with either 
one or the other of two different classes of keypads. One 
class of security keypad 86 employs scanning similar to 
that used for a conventional personal computer key- 
board. This class of keypad supplies a patterned scan- 
ning output to the keys while monitoring every key's in- 
put. A match between the patterned scanning output 
and a key indicates that the key is being pressed. The 
other class of security keypad 86 provides individual 
switches for each of the keys. Each switch included in 
the keypad has its own output terminal. For switch type 
keypads pressing a key grounds the signal at that key's 
output terminal. 

[0021] Using the security keypad 86, a user of the 
electronic device 20 may present a password to the 
state machine 52 for comparison with one or more pass- 
words recorded in the flash memory 56. Upon entering 
the security operating mode, the state machine 52 starts 
an ESCAPE timer that pressing any button on the se- 
curity keypad 86 resets. While the ESCAPE timer is run- 
ning the output signal from the output control 62 on the 
LED signal-line 68 keeps the LED illuminated. If for any 
reason the user does not finish entering the password 
sequence before the ESCAPE timer expires, even 
though the pre-boot security controller 42 remains in the 
security operating mode the output control 62 transmits 
a signal on a siren signal-line 88 to generate a warning 
beep on a siren included in the status output subsystem 
72. In addition to sounding a warning beep on the siren, 
the state machine 52 increases a count of failed password
attempts by one (1). If the count of failed password
attempts reaches three (3), the state machine 52 starts 
a siren timer and the output control 62 transmits a signal 
on the siren signal-line 88 which by default activates the 
siren for one (1) minute. While the siren is sounding 
throughout the interval established by the siren timer, 
the user may still enter a valid password. However, if the 
siren timer expires, the pre-boot security controller 42 
stops the siren and enters a suspend operating mode. 
After the pre-boot security controller 42 enters the sus- 
pend operating mode, the process for entering a pass- 
word may again be restarted. 

[0022] When the user enters a password that is
recorded in the flash memory 56, the state machine 52
exits the security operating mode and enters an
application operating mode thereby operationally
unlocking the electronic device 20. Transition of the
state machine 52 from the security operating mode to
the application operating mode causes the output
control 62 to negate the signals present on the
OUT_PWR# signal-line 64 and the OUT_SUS#
signal-line 66 which causes the DC/DC converter 32 to
energize the operation of the remainder of the electronic
device 20.
[0023] A mode selection circuit 92 included in the
pre-boot security controller 42 may receive input signals
via a SUSPEND# signal-line 94 and via a PWROFF#
signal-line 96. When the electronic device 20 is
unlocked, the state machine 52 responds to assertion of
signals received via the keypad bus 84 and/or the
PWROFF# signal-line 96 by negating the signals present
on the OUT_PWR# signal-line 64 and on the OUT_SUS#
signal-line 66. Negation of these two signals turns off
electrical power to the electronic device 20 except for
the pre-boot security controller 42, the clock control 48
and a portion of the DC/DC converter 32. Such an event
may occur when the user turns the electronic device 20
off. However, such an event may also occur if a computer
program executed by the digital computer 22 causes the
electronic device 20 to enter a power conserving
operating mode in which the current operating state of
the electronic device 20 is stored into a nonvolatile
memory such as a hard disk, and in which operation of
the digital computer 22 and other portions of the
electronic device 20 are suspended.
[0024] Upon suspending operation of the electronic
device 20, the pre-boot security controller 42
correspondingly enters its suspend operating mode. If
the pre-boot security controller 42 is in the suspend
operating mode, toggling a signal supplied to the mode
selection circuit 92 via an ARM# signal-line 98
transitions the pre-boot security controller 42 from the
suspend operating mode to its security operating mode.
If the pre-boot security controller 42 enters the security
operating mode from the suspend operating mode, as
mentioned previously restoring the electronic device 20
to full operation requires that the user enter a password
that is recorded in the flash memory 56. However, if the
state machine 52 remains in the suspend operating
mode following entry of a valid password and does not
enter the suspend operating mode, then the electronic
device 20 may be restored to full operation without the
user re-entering a password.
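
The security-mode sequence of [0021] and [0022] and the ARM# re-arm of [0024], written as a small C state machine; this is an added illustration, not firmware from the patent. It assumes at least one recorded password, that a wrong password counts as a failed attempt in the same way as an ESCAPE timeout, and that the failure count clears on unlock and on re-arm; SLOT_EMPTY, the type and function names, and the sample passwords are hypothetical.

```c
/* Added model of the security operating mode; not firmware from the patent. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PW_MASK       0xFFFFFu     /* passwords are twenty bits long */
#define NUM_PASSWORDS 3            /* two user passwords and one supervisor */
#define MAX_FAILED    3u           /* third failed attempt starts the siren */
#define SLOT_EMPTY    0xFFFFFFFFu  /* assumption: marks an unrecorded slot */

enum mode  { MODE_SECURITY, MODE_APPLICATION, MODE_SUSPEND };
enum event { EV_PASSWORD, EV_ESCAPE_TIMEOUT, EV_SIREN_TIMEOUT, EV_ARM };

struct controller {
    enum mode mode;
    unsigned  failed;           /* count of failed password attempts */
    unsigned  beeps;            /* warning beeps sent on the siren line */
    bool      siren_on;
    bool      power_inhibited;  /* OUT_PWR# and OUT_SUS# asserted */
    uint32_t  stored[NUM_PASSWORDS];
};

/* VCC applied with a password already recorded: enter security mode. */
void ctrl_power_on(struct controller *c, const uint32_t pw[NUM_PASSWORDS])
{
    for (int i = 0; i < NUM_PASSWORDS; i++)
        c->stored[i] = pw[i];
    c->mode = MODE_SECURITY;
    c->failed = 0;
    c->beeps = 0;
    c->siren_on = false;
    c->power_inhibited = true;
}

/* Compare the entry against every slot, without an early exit. */
static bool password_matches(const struct controller *c, uint32_t candidate)
{
    bool hit = false;
    for (int i = 0; i < NUM_PASSWORDS; i++)
        if (c->stored[i] != SLOT_EMPTY && c->stored[i] == (candidate & PW_MASK))
            hit = true;
    return hit;
}

/* Warning beep plus failure count; the third failure turns the siren on. */
static void register_failure(struct controller *c)
{
    c->beeps++;
    if (++c->failed >= MAX_FAILED)
        c->siren_on = true;
}

enum mode ctrl_event(struct controller *c, enum event ev, uint32_t candidate)
{
    switch (c->mode) {
    case MODE_SECURITY:
        if (ev == EV_PASSWORD && password_matches(c, candidate)) {
            c->mode = MODE_APPLICATION;   /* valid entry unlocks, even mid-siren */
            c->failed = 0;                /* assumption: counter clears */
            c->siren_on = false;
            c->power_inhibited = false;   /* OUT_PWR#/OUT_SUS# negated */
        } else if (ev == EV_PASSWORD || ev == EV_ESCAPE_TIMEOUT) {
            register_failure(c);          /* wrong password: assumption */
        } else if (ev == EV_SIREN_TIMEOUT && c->siren_on) {
            c->siren_on = false;
            c->mode = MODE_SUSPEND;       /* power stays inhibited */
        }
        break;
    case MODE_SUSPEND:
        if (ev == EV_ARM) {               /* ARM# toggled */
            c->mode = MODE_SECURITY;
            c->failed = 0;                /* assumption */
            c->power_inhibited = true;
        }
        break;
    case MODE_APPLICATION:
        break;                            /* power-off path is not modelled */
    }
    return c->mode;
}

int main(void)
{
    /* Constructed sample passwords, not values from the patent. */
    const uint32_t pw[NUM_PASSWORDS] = { 0x12345u, SLOT_EMPTY, 0xFEDC1u };
    struct controller c;

    ctrl_power_on(&c, pw);
    ctrl_event(&c, EV_ESCAPE_TIMEOUT, 0);
    ctrl_event(&c, EV_PASSWORD, 0x11111u);
    ctrl_event(&c, EV_ESCAPE_TIMEOUT, 0);
    printf("failed=%u siren=%d\n", c.failed, (int)c.siren_on);
    printf("mode after valid password=%d\n",
           (int)ctrl_event(&c, EV_PASSWORD, 0xFEDC1u));
    return 0;
}
```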

[0025] The flash memory 56 preferably records two
different types of passwords, two (2) user passwords
and a supervisor password that acts as a master key for
the electronic device 20. Both the user passwords and
the supervisor password are twenty (20) bits long. In
combination with the 4-button security keypad 86,
recording twenty (20) bit long passwords provides more
than 800,000 possible passwords consisting of between
one (1) and five (5) successive key combinations. The
separate twenty (20) bit supervisor password together
with two (2) twenty (20) bit user passwords
accommodates most corporate or individual security
needs.

EP 1 001 331 A2

[0026] The pre-boot security controller 42 preferably 
provides two different ways the user passwords and the 
supervisor password may be recorded. One way for re- 
cording these passwords employs the security keypad 
86. To place the pre-boot security controller 42 into a 
user password entry mode the user concurrently press- 
es an enter key 102 and a number one key 104 contin- 
uously through a five second interval. To place the pre- 
boot security controller 42 into a supervisor password 
entry mode the user concurrently presses an enter key
102 and a number two key 106 continuously through a 
five second interval. While in either the user or supervi- 
sor password entry modes, the signal supplied to the 
status output subsystem 72 via the LED signal-line 68 
causes the LED to blink on and off until the user again 
presses the security keypad 86. 
[0027] As depicted in FIG. 1, the password input
circuit 82 receives input signals from four (4) numeric
keys 104 through 112 and from the enter key 102.
Operation of the state machine 52 and the capacity of
the flash memory 56 permits recording up to five (5)
successive combinations of all four numeric keys 104
through 112,
i.e. five (5) successive numbers each having a value be- 
tween one (1) and fifteen (15). After pressing one (1) to 
five (5) successive combinations of the four (4) numeric 
keys 104 through 112, pressing the enter key 102 
records the password into the flash memory 56. After 
entering either password, the pre-boot security control- 
ler 42 enters the security operating mode upon restart- 
ing the electronic device 20, or upon asserting of the 
signal present on the ARM# signal-line 96. 
[0028] A SMBus interface 122 included in the pre- 
boot security controller 42 provides a second way by 
which the user and supervisor passwords may be re- 
corded into the flash memory 56. As depicted in FIG. 1, 
a SMBus 124 interconnects the SMBus interface 122 of 
the pre-boot security controller 42 with a SMBus host 
126 included in the electronic device 20. Usually the 
electronic device 20 provides the SMBus host 126 in 
one of two different ways. One way in which the elec- 
tronic device 20 provides the SMBus host 126 is by in- 
cluding a system controller IC that has the SMBus host 
126, e.g. an Intel Corporation 82371SB IC identified as
"Southbridge." A description of Intel's Southbridge IC,
that is hereby incorporated by reference, can be
obtained at the following Internet address.

http://developer.intel.com/design/intarch/embdmodl.htm

Another way in which the pre-boot security controller 42
can provide the SMBus host 126 is by including an
embedded controller, a keyboard controller or a power
management controller IC that has the SMBus host 126.
Additional, more detailed information about the SMBus 
specifications and protocol is provided by: 

System Management Bus Specification, Revision
1.1, © 1996, 1997, 1998, Benchmarq Microelectronics
Ind., Duracell Inc., Energizer Power Systems, Intel
Corporation, Linear Technology Corporation, Maxim
Integrated Products, Mitsubishi Electric Corporation,
National Semiconductor Corporation, Toshiba Battery
Co., Varta Batterie AG, December 11, 1998; and

System Management Bus BIOS Interface Specifi- 
cation, Revision 1.0, © 1996, Benchmarq Microe- 
lectronics Ind., Duracell Inc., Energizer Power Sys- 
tems, Intel Corporation, Linear Technology Corpo- 
ration, Maxim Integrated Products, Mitsubishi Elec- 
tric Corporation, National Semiconductor Corpora- 
tion, Toshiba Battery Co., Varta Batterie AG, Feb- 
ruary 15, 1995. 



The publications listed above are hereby incorporated 
by reference as though fully set forth here. 
[0029] In accordance with the SMBus specification,
the SMBus interface 122 uses an input SMBus clock
signal-line 132, a bidirectional SMBus data-input/output
signal-line 134, and an output SMBus alert signal-line
136 included in the SMBus 124 for exchanging data with
the SMBus host 126. In exchanging data with the SMBus
host 126, the pre-boot security controller 42 uses the
SMBus Write Word and Read Word protocols.

[0030] To permit recording the user or supervisor
passwords into an OEM Defined Flash Memory (ODFM)
space in the flash memory 56, the pre-boot security
controller 42 includes an OEM Defined Index Port
("ODIP"). A write only register in a register block 142
included in the state machine 52, the Programmable
OEM Defined Index ("ODI") register, specifies an index
or sub-address that has been assigned and that must be
used in communicating with the ODIP via the SMBus
124. The data in a high-order byte of the ODI register,
which is physically located in the flash memory 56, has a
default value of 40h. A manufacturer of the electronic
device 20 may arbitrarily select and record an index or
sub-address value of 40h to 0FEh into the ODI register.
The value present in the ODI register effectively
specifies a port address that the SMBus host 126 must
use in accessing user or supervisor passwords, or other
security features of the pre-boot security controller 42.
Thus, either using the default value of 40h or another
ODIP index or sub-address recorded by the manufacturer
into the ODI register, commands from the SMBus host
126 may access secure areas in the flash memory 56
such as those storing passwords or other security
information.
[0031] A WR_ODIP_OK status bit in a Password Status
register, also included in the register block 142,
indicates whether an address for the ODIP has been
successfully stored into the ODI register. In recording
user passwords or the supervisor password into the
flash memory 56 via the SMBus 124, a computer program
must first read this WR_ODIP_OK status bit to confirm
that the ODI register contains a valid ODIP index or
sub-address. The WR_ODIP_OK status bit can be cleared
by writing a "1" to that register location.
[0032] An ODIPOTP bit in an OTP register included in
the register block 142 permits a manufacturer of the
electronic device 20 to permanently protect the ODIP
address recorded in the ODI register. The ODIPOTP bit
in the OTP register is a sticky bit. That is, the ODIPOTP
bit will always remain one (1) after first being set to that
value. Moreover, setting the ODIPOTP bit to one (1)
prevents subsequently either writing an ODIP address
into the ODI register, or even reading the contents of the
ODI register. If the ODIPOTP bit is set, attempting to
read the ODI register always returns a value of "00h."
The ODIPOTP bit in the OTP register may be read to
determine whether the index stored into the ODI register
is write and read protected.

[0033] User and supervisor passwords are recorded 
into the flash memory 56 using the SMBus 124 if such 
passwords are not already recorded in the flash memory 
56 and the SMBus host 126, using the ODIP, transmits 
a command to the pre-boot security controller 42 to 
record the password at the appropriate location in the 
flash memory 56. If a password is already stored in the 
flash memory 56, then the SMBus host 126 must first 
transmit a command to the pre-boot security controller 
42 which verifies the stored password. After the pass- 
word to be replaced has been verified, the SMBus host 
126 may then transmit a command to the pre-boot
security controller 42 to record the password at the appro-
priate location in the flash memory 56. 
[0034] The pre-boot security controller 42 permits us- 
er and supervisor passwords to be erased if they are no 
longer needed. New passwords can be entered only if 
the old one has been erased or verified before recording 
the new password. Supervisor and user passwords can 
be erased using the security keypad 86. If the user con- 
currently presses a number three key 108 and the enter 
key 102 for more than five (5) seconds and then enters 
either the user or the supervisor password, the user 
password will be erased. This feature allows the super- 
visor to change the user passwords without knowing ei- 
ther user password. After the user passwords have 
been erased, a new user password can then be entered 
as described above. 

[0035] Concurrently pressing a number four key 112 
and the enter key 102 for more than five (5) seconds 
places the pre-boot security controller 42 into a super- 
visor password erase mode. After the pre-boot security 
controller 42 enters the supervisor password erase 
mode, the supervisor password may be erased by en- 
tering that password. After the supervisor password has 
been erased, a new supervisor password can then be 
entered as described above. 

[0036] Similar to using the security keypad 86 for en- 
tering passwords, when erasing passwords the LED be- 
gins blinking and the state machine 52 starts the ES- 
CAPE timer. Depressing any button resets the ESCAPE 
timer. If for any reason the user does not finish the se- 
quence before the ESCAPE timer expires, the pre-boot 
security controller 42 returns to its previous state.
Following entry of an incorrect password in either of the
password erase modes the pre-boot security controller
42 produces an error tone and the pre-boot security
controller 42 terminates the password erasing operation.

[0037] Erasing user and supervisor passwords from
the flash memory 56 using the SMBus 124 requires that
the SMBus host 126 first transmit a command to the
pre-boot security controller 42 which verifies the stored
password. After the password to be erased has been
verified, the SMBus host 126 may then transmit an
erase command to the pre-boot security controller 42.
[0038] The register block 142 also includes a
configuration register which includes a bit that a
command from the SMBus host 126 may set to prevent
entry of user or supervisor passwords using the security
keypad 86.

[0039] In addition to the user and supervisor
passwords, the pre-boot security controller 42 also
provides additional locations in the flash memory 56
into which a manufacturer of the electronic device 20,
using the ODIP, may record additional security data for
the electronic device 20. For such purposes a
manufacturer of the electronic device 20 may record a
thirty-two (32) bit long system identification number
("SIN"). The SIN, in principle, permits the manufacturer,
if desired, to identify a specific electronic device 20 at
some future date. Information stored in the SIN may
include model serial number, lot number, manufacture
date/place together with other significant information
required for customer service. A manufacturer can
customize information stored in the SIN to their
individual needs.
[0040] In addition to the SIN, a manufacturer of the
electronic device 20 may also record in the flash memory
56 a twenty (20) bit long KEY which a manufacturer
may subsequently use, as explained in greater detail
below, in causing the pre-boot security controller 42 to
generate and record an encrypted version of the SIN.
Lastly, a manufacturer may also record in the flash
memory 56 a twenty (20) bit long personal identification
number ("PIN"). The PIN is a manufacturer controlled
master key for the electronic device 20 that enables the
manufacturer to unlock the electronic device 20 using
the security keypad 86 independently of the user or
supervisor password. The PIN should be unique for
every electronic device 20, and should be treated as
confidential information by the manufacturer. If an
end-user requires assistance in unlocking the electronic
device 20 perhaps because the user and supervisor
passwords have become unobtainable, after verifying
the end-user's identity the manufacturer may permit the
electronic device 20 to be unlocked using the PIN.
[0041] The electronic device 20 permits a manufacturer
to employ one or another of two different types of PIN.
Similar to a user or supervisor password, a manufacturer
records the first type of PIN into the flash memory 56
using the SMBus 124. A PIN recorded into the flash
memory 56 in this way is referred to as an "EASY PIN,"
and is recorded at the same location in the flash memory
56 as the KEY. Entering the EASY PIN through the
security keypad 86 while the pre-boot security controller
42 is in the security operating mode unlocks the
electronic device 20 while concurrently erasing the user
and supervisor passwords. The pre-boot security
controller 42 generates a second type of PIN by
encrypting the SIN with the KEY. A PIN recorded into
the flash memory 56 in this way is referred to as a
"CIPHERED PIN" as contrasted with the EASY PIN.
Similar to the EASY PIN, entry of the CIPHERED PIN
through the security keypad 86 while the pre-boot
security controller 42 is in the security operating mode
also unlocks the electronic device 20 and concurrently
erases the user and supervisor passwords.

[0042] The EASY PIN and CIPHERED PIN are mutually exclusive. If values
have been recorded in the flash memory 56 for both types of PINs,
generation of the CIPHERED PIN causes data recorded at the EASY PIN,
i.e. KEY, location to be automatically erased. In generating the
CIPHERED PIN the pre-boot security controller 42 employs a stream
encryption algorithm in which the KEY operates on the SIN on a
bit-by-bit basis. The stream algorithm is set forth below.

$$\text{CYPERED PIN}_p = \text{SIN}_s \ \text{xor} \ \text{KEY}_k$$

Where p = 1 to 20, s = 1 to 20, k = 1 to 20. If any hexadecimal digit of
CYPERED PIN is "1111", it can be replaced with a replacement digit
("RD") previously recorded into the flash memory 56 via the SMBus 124.
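
The stream algorithm of paragraph [0042], worked through in C as an added example that is not code from the patent. Function names and sample values are constructed; it assumes bit p of the PIN pairs bit s = p of the SIN with bit k = p of the KEY, and that the RD substitution is always applied where the text says it "can be".

```c
#include <stdint.h>
#include <stdio.h>

#define PIN_BITS 20u
#define PIN_MASK ((1u << PIN_BITS) - 1u)  /* five hexadecimal digits */

/* XOR the 20-bit SIN with the 20-bit KEY bit by bit, then substitute the
 * replacement digit RD for every hexadecimal digit that came out as 1111b.
 * Only the low 20 bits of sin/key and the low 4 bits of rd are used. */
uint32_t cyphered_pin(uint32_t sin, uint32_t key, uint8_t rd)
{
    uint32_t pin = (sin ^ key) & PIN_MASK;
    for (unsigned shift = 0; shift < PIN_BITS; shift += 4) {
        if (((pin >> shift) & 0xFu) == 0xFu) {
            pin &= ~(0xFu << shift);
            pin |= (uint32_t)(rd & 0xFu) << shift;
        }
    }
    return pin;
}

/* Number of hexadecimal digits of SIN xor KEY that RD substitution changes. */
unsigned replaced_digits(uint32_t sin, uint32_t key)
{
    uint32_t raw = (sin ^ key) & PIN_MASK;
    unsigned n = 0;
    for (unsigned shift = 0; shift < PIN_BITS; shift += 4)
        n += ((raw >> shift) & 0xFu) == 0xFu;
    return n;
}

/* Manufacturer-side check: recompute the PIN from the registration record
 * (SIN, KEY, RD) and compare it with the value to be entered on the keypad. */
int pin_matches(uint32_t entered, uint32_t sin, uint32_t key, uint8_t rd)
{
    return (entered & PIN_MASK) == cyphered_pin(sin, key, rd);
}

int main(void)
{
    /* Constructed sample values, not taken from the patent. */
    printf("%05X\n", (unsigned)cyphered_pin(0x12345, 0x0F0F0, 0x7)); /* no 1111 digit    */
    printf("%05X\n", (unsigned)cyphered_pin(0xA5A5A, 0x5A0F1, 0x3)); /* two digits swapped */
    printf("%05X\n", (unsigned)cyphered_pin(0x12345, 0xEDCBA, 0x7)); /* all five swapped   */
    return 0;
}
```

Because paragraph [0044] makes the SIN readable over the SMBus, the confidentiality of a CYPERED PIN rests on the KEY and RD held in the manufacturer's registration data base.
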
[0043] The pre-boot security controller 42 provides the mutually
exclusive EASY PIN and CYPERED PIN so a manufacturer may easily
configure security features of the pre-boot security controller 42 for
its marketing and customer service organization. Using the SIN and EASY
PIN, a manufacturer records both values into the flash memory 56 before
shipping the electronic device 20. Conversely, use of the SIN and
CYPERED PIN permits delaying recording those values into the flash
memory 56 until ownership of the electronic device 20 is registered. Use
of the SIN and EASY PIN technique may require only minor changes in
production sequence together with accurate data base management.
Conversely, use of the SIN and CYPERED PIN technique eliminates any need
for manufacturing changes to enable the security features of the
pre-boot security controller 42 as products change. However, use of the
SIN and CYPERED PIN technique requires a reliable product registration
process and maintaining a data base of those registrations.

[0044] The SIN, KEY and EASY PIN can only be accessed for recording,
verification and erasure through the SMBus interface 122. However, only
the SIN can also be read via the SMBus interface 122. Similar to the
ODIP, bits in the Password Status respectively indicate whether a SIN,
KEY and EASY PIN are present in the flash memory 56. Also similar to the
ODIP, the OTP register provides sticky bits to prevent over-writing the
SIN, the KEY and/or the PIN. The protection afforded by the sticky bits
in the OTP register is further augmented to prevent compromising the
security provided by the pre-boot security controller 42 if a
manufacturer maintains as confidential the index or sub-address value
recorded in the ODI register that specifies the ODIP port index or
sub-address.

[0045] The pre-boot security controller 42 permits limited access to the
SIN, KEY, PIN, RD, and supervisor and user passwords through the ODIP.
If one of these items has not already been recorded into the flash
memory 56, then the pre-boot security controller 42 will accept a
command to record a first value for that item. The pre-boot security
controller 42 will verify a recorded value for any of these items by
comparing a value supplied to the pre-boot security controller 42 via
the SMBus interface 122 with the value recorded in the flash memory 56.
Furthermore, if sticky bits have not been set in the OTP register for
the ODIP, SIN, KEY and/or PIN, after successfully verifying one of these
items any value recorded in the flash memory 56 for them may be erased
and/or a new value recorded. Also after verification, the RD and
supervisor and user passwords may always be erased and/or a new value
recorded. However, in performing these operations on values recorded in
the flash memory 56, as described above a manufacturer either must first
record the ODIP index or sub-address in the ODI register and then use
that index or sub-address in accessing the security data, or must use
the default value of 40h provided by the pre-boot security controller 42
when accessing such data.
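
The access rules of paragraphs [0044] and [0045], modeled in C as an added example that is not code from the patent. The type and function names are hypothetical, the ODIP index handshake is left out, and the model assumes a successful verify stays in effect until the item is next recorded or erased, which the text does not specify.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum item { SIN, KEY, PIN, RD, SUPERVISOR_PW, USER_PW, ITEM_COUNT };
struct slot { bool present, verified; uint32_t value; };
struct controller {
    struct slot flash[ITEM_COUNT];
    bool sticky[ITEM_COUNT];   /* OTP sticky bits; meaningful for SIN, KEY, PIN only */
};

static bool has_sticky_bit(enum item i) { return i == SIN || i == KEY || i == PIN; }

/* Verify: the host supplies a value; the controller answers only match / no match. */
bool cmd_verify(struct controller *c, enum item i, uint32_t supplied) {
    struct slot *s = &c->flash[i];
    s->verified = s->present && s->value == supplied;
    return s->verified;
}

/* An empty item accepts a first value. A recorded item needs a prior successful
 * verify and, for SIN/KEY/PIN, an unset sticky bit. */
static bool may_modify(const struct controller *c, enum item i) {
    const struct slot *s = &c->flash[i];
    if (!s->present) return true;
    return s->verified && !(has_sticky_bit(i) && c->sticky[i]);
}

bool cmd_record(struct controller *c, enum item i, uint32_t value) {
    if (!may_modify(c, i)) return false;
    c->flash[i] = (struct slot){ .present = true, .verified = false, .value = value };
    return true;
}

bool cmd_erase(struct controller *c, enum item i) {
    if (!c->flash[i].present || !may_modify(c, i)) return false;
    c->flash[i] = (struct slot){ 0 };
    return true;
}

/* Only the SIN can be read back; all other items are record/verify/erase only. */
bool cmd_read(const struct controller *c, enum item i, uint32_t *out) {
    if (i != SIN || !c->flash[i].present) return false;
    *out = c->flash[i].value;
    return true;
}

int main(void) {
    struct controller c = { 0 };                    /* constructed scenario */
    cmd_record(&c, KEY, 0xEDCBA);
    printf("overwrite without verify: %d\n", cmd_record(&c, KEY, 0x11111));
    cmd_verify(&c, KEY, 0xEDCBA); c.sticky[KEY] = true;   /* verify, then lock */
    printf("erase after sticky bit:   %d\n", cmd_erase(&c, KEY));
    return 0;
}
```
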

[0046] Upon entry of a proper password into the security keypad 86, the
pre-boot security controller 42 enters its application operating mode.
When the pre-boot security controller 42 is in the application operating
mode it responds to pressing any key 102 through 112 of the security
keypad 86 by storing in the register block 142 data indicating which key
102 through 112 has been pressed, and by transmitting a SMBus alert,
i.e. an interrupt, to the SMBus host 126. The computer program executed
by the digital computer 22, after interrogating the pre-boot security
controller 42 via the SMBus 124 to determine which key 102 through 112
has been pressed, may respond appropriately to that event. Specifically,
it is envisioned that the computer program may be advantageously enabled
to respond to pressing any of the keys 102 through 112 by initiating
execution of a specific application computer program that has been
associated with a specific key 102 through 112 by a user of the
electronic device 20 prior to the key pressing event.

[0047] The register included in the register block 142 which stores the
data that indicates which of the keys 102 through 112 has been pressed
stores such data for only one of the keys 102 through 112. Subsequent
pressings of any of the keys 102 through 112 after one key 102 through
112 has been pressed are ignored until the computer program executed by
the digital computer 22, accessing the register block 142 via the SMBus
124, clears the register in the register block 142 which stores the key
pressing data.

[0048] Although the present invention has been described in terms of the
presently preferred embodiment, it is to be understood that such
disclosure is purely illustrative and is not to be interpreted as
limiting. For example, while the present invention discloses recording
and subsequently entering user and supervisor passwords via the security
keypad 86, technologies exist for recording and subsequently entering
passwords in other ways such as biometric identification. Consequently,
biometric identification techniques which utilize unique physical
characteristics of individuals, for example finger print matching, palm
print matching, handwriting matching, retinal scan matching, or voice
matching, are all compatible with the present invention. Therefore, the
present invention envisions a likelihood that the password input circuit
82 may be adapted to receive such biometric password data instead of a
sequence of numbers entered through the security keypad 86. Analogously,
the present invention also envisions the state machine 52 comparing
biometric data received via the password input circuit 82 with biometric
data previously obtained via the password input circuit 82 and recorded
into the flash memory 56. Analogously another type of digital logic
circuit, such as a microprocessor or a programmable embedded controller,
could be included in the pre-boot security controller 42 instead of the
preferred state machine 52. Consequently, without departing from the
spirit and scope of the invention, various alterations, modifications,
and/or alternative applications of the invention will, no doubt, be
suggested to those skilled in the art after having read the preceding
disclosure. Accordingly, it is intended that the following claims be
interpreted as encompassing all alterations, modifications, or
alternative applications as fall within the true spirit and scope of the
invention.

Claims

1. A pre-boot security controller adapted for inclusion in an electronic
device that includes both a digital computer and a power subsystem for
energizing operation of the digital computer, the pre-boot security
controller receiving electrical power even though the power subsystem is
not energizing operation of the digital computer and being adapted for
enabling the power subsystem to energize operation of the digital
computer upon receiving a pre-recorded user password by the pre-boot
security controller, the pre-boot security controller comprising:

a nonvolatile password memory that stores at least one user password;

a password input circuit for receiving a password that is to be compared
with any user passwords recorded in said password memory;

a digital logic circuit for comparing the password received by said
password input circuit with any user passwords recorded in said password
memory if the pre-boot security controller is in a security operating
mode; and

an output circuit that is coupled to said digital logic circuit for
transmitting an output signal to the power subsystem that enables the
power subsystem to energize operation of the digital computer if the
password received by said password input circuit matches a user password
recorded in said password memory.

2. The pre-boot security controller of claim 1 wherein 
said password memory is electronically rewritable. 

3. The pre-boot security controller of claim 1 wherein 
said password memory separately records at least 
one user password and at least one supervisor 
password. 

4. The pre-boot security controller of claim 1 wherein said password
input circuit is a keypad interface that is adapted to be coupled to a
security keypad for receiving the password that a user of the electronic
device enters using the security keypad for comparison with user
passwords recorded in said password memory.

5. The pre-boot security controller of claim 4 wherein, 
when in a password entry mode, the keypad inter- 
face may also receive from the security keypad user 
passwords that the digital logic circuit records in 
said password memory. 

6. The pre-boot security controller of claim 4 wherein 
upon receiving a password by said password input 
circuit which matches a user password recorded in 
said password memory, the pre-boot security con- 
troller transitions from the security operating mode 
to an application operating mode in which the pre- 
boot security controller preserves data about press- 
ings of the security keypad. 

7. The pre-boot security controller of claim 1 wherein said digital
logic circuit is a state machine.

8. The pre-boot security controller of claim 1 wherein said output
circuit also provides an output signal which indicates existence of the
security operating mode.

9. The pre-boot security controller of claim 1 further comprising a
System Management Bus ("SMBus") interface adapted to exchange signals
with a SMBus included in the electronic device, said SMBus interface
enabling the pre-boot security controller to receive user passwords for
storage in said password memory.

10. An electronic device comprising:

a digital computer;

a power subsystem for energizing operation of said digital computer; and

a pre-boot security controller that receives electrical power even
though said power subsystem is not energizing operation of said digital
computer and that is coupled to said power subsystem for enabling said
power subsystem to energize operation of said digital computer upon
receiving a pre-recorded user password by said pre-boot security
controller, said pre-boot security controller including:

a nonvolatile password memory that stores at least one user password;

a password input circuit for receiving a password that is to be compared
with any user passwords recorded in said password memory;

a digital logic circuit for comparing the password received by said
password input circuit with any user passwords recorded in said password
memory if the pre-boot security controller is in a security operating
mode; and

an output circuit that is coupled to said digital logic circuit for
transmitting an output signal to said power subsystem that enables said
power subsystem to energize operation of said digital computer if the
password received by said password input circuit matches a user password
recorded in said password memory.

11. The electronic device of claim 10 wherein said 
password memory included in said pre-boot secu- 
rity controller is electronically rewritable. 

12. The electronic device of claim 10 wherein said 
password memory included in said pre-boot secu- 
rity controller separately records at least one user 
password and at least one supervisor password. 

13. The electronic device of claim 10 wherein said password input
circuit included in said pre-boot security controller is a keypad
interface, the electronic device further comprising a security keypad
that is coupled to the keypad interface to transmit thereto for
comparison with user passwords recorded in said password memory the
password that a user of the electronic device enters using the security
keypad.

14. The electronic device of claim 13 wherein the keypad interface of
said pre-boot security controller, when said pre-boot security
controller is in a password entry mode, may also receive from the
security keypad user passwords that the digital logic circuit records in
said password memory.

15. The electronic device of claim 13 wherein said pre-boot security
controller, upon receiving a password by said password input circuit
which matches a user password recorded in said password memory,
transitions from the security operating mode to an application operating
mode in which the pre-boot security controller preserves data about
pressings of the security keypad.

16. The electronic device of claim 10 wherein said dig- 
ital logic circuit included in said pre-boot security 
controller is a state machine. 

17. The electronic device of claim 10 wherein said out- 
put circuit of said pre-boot security controller also 
provides an output signal which indicates existence 
of the security operating mode, the electronic de- 
vice further comprising a status output subsystem 
which receives the output signal and presents a us- 
er of the electronic device with a perceptible indica- 
tion that the security operating mode exists. 

18. The electronic device of claim 10 wherein said pre- 
boot security controller further includes a SMBus in- 
terface, the electronic device further comprising a 
SMBus host that is coupled by a SMBus to the SM- 
Bus interface thereby enabling a computer program 
executed by said digital computer to record user 
passwords into said password memory via the SM- 
Bus. 